Efail or OpenPGP is safer than S/MIME

Robert J. Hansen rjh at sixdemonbag.org
Mon May 14 11:15:42 CEST 2018

> So how do we enforce MDC checking at the receiving end? I assume this is
> something that has to be handled by the calling program at the moment.

By default, GnuPG will scream bloody murder if a message lacks an MDC or
if the MDC is invalid.  At that point it's up to your email client to
pay attention to the warning and do the right thing.  Enigmail 2.0 and
later are fine, but I can't speak for other systems.

Of course, if you're crazy enough to disable the MDC check
("--no-mdc-warning") then all bets are off, but really, you'll get what
you deserve.

> I see that MDC is the default for all modern ciphers, but does that imply
> that MDC *checking* is the default?

MDC is an attribute of the packet, not the cipher.  By default, all
ciphers in the GnuPG suite use MDC.

Hope this puts your mind at ease.  :)
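
What "pay attention to the warning" can look like in a calling program, as an added example that is not part of the original post or of any mail client's code: it reads GnuPG's machine-readable status lines and withholds the plaintext unless GOODMDC was reported. The function names and the sample status text are constructed for illustration.

```python
import subprocess

PREFIX = "[GNUPG:] "
FATAL = {"BADMDC", "DECRYPTION_FAILED"}

def mdc_verdict(status_text):
    """Decide from gpg's --status-fd text whether plaintext may be used."""
    seen = set()
    for line in status_text.splitlines():
        if line.startswith(PREFIX):  # skip human-readable "gpg: ..." lines
            fields = line[len(PREFIX):].split()
            if fields:
                seen.add(fields[0])
    bad = sorted(seen & FATAL)
    if bad:
        return False, "gpg reported " + ", ".join(bad)
    if "GOODMDC" not in seen:
        return False, "no GOODMDC status: integrity was not verified"
    if "DECRYPTION_OKAY" not in seen:
        return False, "no DECRYPTION_OKAY status"
    return True, "integrity check passed"

def decrypt_checked(path):
    """Run gpg on path; return plaintext only after the MDC verified."""
    # gpg writes plaintext as it decrypts and checks the MDC at the end,
    # so buffer all output and decide only once gpg has exited.
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "2", "--decrypt", path],
        capture_output=True)
    ok, reason = mdc_verdict(proc.stderr.decode("utf-8", "replace"))
    if not ok:
        raise ValueError("plaintext withheld: " + reason)
    if proc.returncode != 0:
        raise ValueError("plaintext withheld: gpg exited %d" % proc.returncode)
    return proc.stdout

# Constructed status output (not captured from a real run).
GOOD = """gpg: encrypted with 2048-bit RSA key
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] PLAINTEXT 62 1526289342
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION"""
TAMPERED = GOOD.replace("DECRYPTION_OKAY", "BADMDC").replace(
    "GOODMDC", "DECRYPTION_FAILED")
NO_MDC = GOOD.replace("[GNUPG:] GOODMDC",
                      "gpg: WARNING: message was not integrity protected")
```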
